You are here

9 Steps to Effective Third-party Due Diligence

The Corpro's picture
Published: 11/12/19 - Country: Cyprus

Faced with complex, global third-party networks, it’s more critical than ever for you to have an effective strategy for evaluating and monitoring third-party risk. This guide outlines nine steps for an enhanced due-diligence process to ensure you have the insights needed to avoid financial and reputational harm due to third-party relationships.



Understand Compliance Concerns

The global nature of business today subjects enterprises to a growing number of regulations and a greater need to mitigate risk exposure through partners and third parties, regardless of where they are located in order to comply with these high standards.

Define Corporate Objectives for Due Diligence

Your due-diligence process needs to align with the strategic, financial, regulatory and reputational risks your organization may face. This is especially true for organizations doing business with third parties in countries that attract high levels of regulatory scrutiny.

Gather Key Information

For a corporate entity, organizations need to collect basic information including:

  • Incorporation documents
  • Details on key shareholders and beneficiaries
  • Group structure, board members
  • Political connections
  • Official references

For an individual, organizations need to focus on gathering:

  • Proof of identity
  • Source of wealth and funds
  • Potential political links

Screen Prospective Third Parties against Watchlists and PEPs

Once a basic level of vetting has taken place, prospective third parties—both companies and individuals—should be subjected to a watchlist screening process. By conducting watchlist and politically exposed persons (PEP) checks early in the process, companies can quickly determine if the potential third-party relationship poses a significant risk. Names of companies, individuals, NGOs and, if applicable, assets such as vessels should be checked against:

  • Global sanctions lists
  • Law enforcement lists of known criminal entities
  • Regulator-published lists of debarred or disqualified companies and individuals
  • PEP lists to identify government or official connections

Conduct a Risk Assessment

Once preliminary information collection and watchlist screening have taken place, perform a risk assessment.

Considerations should include:

  • Country of origin risks such as those identified by Transparency International’s Corruption Perceptions Index rating
  • Specific sector risks like a high level of government involvement that might increase corruption risk in the defense industry or dependence on local agents that might increase bribery risk in the construction industry
  • Entity risks such as the use of intermediaries in transactions, joint-venture partners and exposure to money laundering
  • Essential internal factors related to financial risk including deficiencies in employee training, skills and knowledge, a bonus culture that rewards excessive risk-taking, lack of clear policies and procedures related to hospitality and promotional expenditure and political or charitable contributions.

Validate the Information Collected

Following the risk assessment, your due-diligence process should include verification of the information that has been accrued. For low-risk third parties, this final screening involves corroborating details against public records, a credit check, specialized databases like CIFAS and filed reports and accounts. High-risk third parties require an enhanced due-diligence process of the entity itself, as well as known associates, subsidiaries and other related entities. Negative news checks also establish potential reputational risks from media archives, and checks against legal databases detect the litigation history of the prospective client or third party.

Audit the Due-Diligence Process

Throughout the due-diligence process, your organization needs to maintain a comprehensive record of relevant documents, assessments and decisions to ensure you can demonstrate ROI and prove that decisions to engage with partners or third parties were made in good faith.

Establish an On-Going Monitoring Plan

Once a third party has been vetted, you still need to actively monitor the relationship to ensure that you are aware of potential problems before they put your organization at risk.

Review Your Due-Diligence Process Regularly

Business needs change. Commit to recurrent reviews with stakeholders to ensure that your due-diligence process is always aligned with those needs over time.

Subscribe to The Journal

* indicates required
Areas of Interest

Pragma International will use the information you provide on this form to be in touch with you and to provide updates and marketing. Please let us know all the ways you would like to hear from us:

You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here.

Article Rating: 
Average: 4.5 (2 votes)
Total reads: 4,471
The Corpro's picture

CORPRO is a boutique corporate and administrative services provider with an extensive wealth of experience and expertise. We are a Cyprus-based Company which provides complete range of professional services specializing in incorporation of businesses and administration services.

Amongst other services, we provide complete solutions to our clients wishing to set up or relocate their business in several jurisdictions. As a member of several global associations and through our trusted Partners, we provide top notch services for clients worldwide.

Quality and trust are the keynotes of our operation. We pay close attention to the quality of services provided to our clients and we focus to the growth of their business.

Corporate, credit risk, compliance and other professional services are also offered in the Middle East market through our second office located in Dubai (UAE).



United Arab Emirates